How to test if ssh server allows passwords?

I want to test whether or not an ssh server allows passwords and immediately close the connection without actually attempting a login.

Something like this:

allows_password=$(ssh --some-option example.com)
if [ -z "$allows_password" ]; then
  echo "Insecure Server Options"
else
  echo "Insecure Password Access is not Allowed, Great!"
fi

I've actually done this once before, but I couldn't find old script or docs. Sad day. :-/


I found my old script:

ssh -v -n \
  -o Batchmode=yes \
  -o StrictHostKeyChecking=no \
  -o UserKnownHostsFile=/dev/null \
  DOES_NOT_EXIST@localhost 2>&1 | grep password
  • The -o Batchmode=yes option causes a non-interactive mode where a fallback to password results in failure.

  • The -v causes the authentication methods to be displayed (among other things).

  • The -n causes ssh to not open a shell (often used with tunneling), which in this case will cause it to immediately exit (just in case you're connecting to a honeypot or a service like serveo.net that allows clients without authentication)

  • -o StrictHostKeyChecking=no and -o UserKnownHostsFile=/dev/null automatically accepts the host without writing it to the known-hosts file.

  • 2>&1 forwards debug messages (stderr) to the logging system (stdout) so that grep can do its magic

If password authentication is enabled for some users, it will shows as enabled for all users (but fail after the prompt), as far as I can tell. I suspect this is so that you can't positively id that a user exists on the system.

And so that I don't lose it again: https://coolaj86.com/articles/testing-if-ssh-allows-passwords/